NA

CVE-2019-0220

Vulnerability Summary

A vulnerability in the Apache HTTP Server could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to the improper handling of URL requests that contain multiple consecutive forward slashes in the URL path component by the affected software. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software. A successful exploit could allow the malicious user to cause the affected software to terminate abnormally, resulting in a DoS condition. Apache has confirmed the vulnerability and released software updates.

Vulnerability Trend

Vendor Advisories

Severity Unknown Remote Unknown Type Unknown Description AVG-946 apache 2438-1 2439-1 Medium Testing ...
Several security issues were fixed in the Apache HTTP Server ...
Several vulnerabilities have been found in the Apache HTTP server CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2 By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service ...
There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server CVE-2019-0211 affects version 9 non-windows platforms only ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4422-1 security () debian org wwwdebianorg/security/ Stefan Fritsch April 03, 2019 wwwdebianorg/security/faq ...
CVE-2019-0220: URL normalization inconsistincies Severity: Low Vendor: The Apache Software Foundation Versions Affected: httpd 240 to 2439 Description: When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions whil ...